Hanwha IoT Smart Camera Vulnerabilities

Multiple Vulnerabilities have been found in the Hanwha IoT smart cameras including insecure HTTP protocols, buffer overflows and being able to remotely execute commands with root privileges.

Threat ID:: CC-2169
Category:
Threat Severity:: Low
Threat Vector:
Published:: 22 March 2018 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

Multiple Vulnerabilities have been found in the Hanwha IoT smart cameras including insecure HTTP protocols, buffer overflows and being able to remotely execute commands with root privileges.

Threat details

A vulnerability has also been discovered in Hanwha's cloud server XMPP implementation. An error in this implementation can allow an attacker to arbitrarily register user accounts on a server and access all connected cameras.

Remediation steps

Type	Step
	Hanwha have confirmed an update is being released that will remedy these vulnerabilities. Users should update as soon as this is available.

Last edited: 17 February 2020 12:44 pm